Privacy
Given GDPR, CCPA, and other similar legislation about online privacy, perhaps it is better to also discuss how this blog handles these concerns.
The short answer is that there is nothing to worry about. No private data about visitors is being stored here.
This is because this blog is statically generated, does not have any user accounts, does not allow comments. In fact, unless explicitly required by an article (i.e., for demos), I am not storing any cookie and minimizing JavaScript usage. If an article needs to use cookies, it will be marked accordingly. In either case, core functionality will be available even to visitors that don’t want to use cookies or JavaScript (assuming LaTeX-style text-only math is acceptable).
I am not using Google Analytics or any other client-side view tracking service. This way, the fact that you accessed a page on this website will not leave a trace beyond your browser’s history and my server’s weblogs.
There won’t be any tracking pixels or ads served from this blog. The share buttons to social media (if ever present) will be implemented in such a way that the social media provider will know about your visit only after you intentionally clicked on them (for example by implementing them via custom characters and links). Even the custom fonts used by this blog are being served from the server’s host, so there should be no connection to other pages.
The only data that I see is what gets stored into the nginx logs. I may use tools to parse the logs and periodically generate statistics. The raw logs will be deleted every year, only the aggregated statistics will be kept around. Whenever these statistics are published, I will anonymize the data by applying a mixture of k-anonymity and Differential Privacy.
Finally, there is no data about a visit that I can delete, except the one stored in the web server log. This contains the IP from where the request came, what page was requested, and, optionally, a referrer. This data could be deleted upon request to my personal email address, provided I know beyond any doubt that the IP in the request belongs to the person requesting the deletion. When performing the deletion, I will also make sure to remove it from the aggregated statistics, if needed.
Comments:
There are 0 comments (add more):